Notes

Admins | CIA | Do anything to increase availability.
ITSec/Infosec | CIA | Do anything to restrict people.

About information security

  • To work against an attacker, we need a different mindset than we would need to protect against a “simple” malfunction / bug in a system.
  • We need to be able to reason under uncertainty, because we’ll never know all there is to know about a system — even our own.

Thoughts

“Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.”

Defender and attacker mindsets
  • Information security is about understanding the attacker's mindset as well as understanding the technology.
  • A small attack surface is easier to defend than a large one.